Legal claims defining the scope of protection, as filed with the USPTO.
1. A system, comprising: a network tap configured to: intercept a network data packet before provision to an intended target electronic device; and provide the network data packet to a set of one or more inline tokenizers; the set of one or more inline tokenizers, configured in parallel to: receive one or more network data packets; identify, in the one or more network data packets, sensitive data; extract the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.
2. The system of claim 1 , comprising: a set of one or more detokenizers, configured in parallel to: rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.
3. The system of claim 1 , wherein the storage comprises a storage fabric.
4. The system of claim 1 wherein the set of inline tokenizers are configured to encrypt the sensitive data after extracting the sensitive data from the one or more packets.
5. The system of claim 1 , wherein the token is created from random numbers.
6. The system of claim 1 , wherein the token is created from a cryptographic hash.
7. The system of claim 1 , wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.
8. The system of claim 7 , wherein the sensitive data is identified by searching for strings that match one or more of the regular expressions.
9. The system of claim 7 , wherein the corresponding search pattern comprises: a pattern to identify potential social security numbers.
10. The system of claim 7 , wherein the corresponding search pattern comprises: a pattern to identify potential credit card numbers.
11. The system of claim 1 , wherein the sensitive data comprises content to censor.
12. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions that, when executed by one or more processors of a machine, cause the machine to: receive one or more network data packets of intercepted network data; identify, in the one or more network data packets, sensitive data; extract the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.
13. The machine-readable medium of claim 12 , comprising machine-readable instructions that, when executed by the one or more processors of the machine, cause the machine to: rebuild the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide the one or more rebuilt network data packets to the intended target electronic device.
14. The machine-readable medium of claim 12 , wherein the token is created from random numbers.
15. The machine-readable medium of claim 12 , wherein the token is created from a cryptographic hash.
16. The machine-readable medium of claim 12 , comprising machine-readable instructions that, when executed by the one or more processors of the machine, cause the machine to run in parallel with a second machine that: receives a second one or more network data packets of second intercepted network data; identifies, in the second one or more network data packets, second sensitive data; extracts the second sensitive data from the second one or more packets; stores the second sensitive data in a second storage; rebuilds the second one or more network data packets into one or more second rebuilt network data packets, replacing the second sensitive data with a second token that may be used to identify the second sensitive data stored in the second storage; and provides the one or more second rebuilt network data packets to a second intended target electronic device.
17. The machine-readable medium of claim 12 , wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.
18. A computer-implemented method, comprising: receive, via the computer, one or more network data packets; identify, via the computer, in the one or more network data packets, sensitive data; extract, via the computer, the sensitive data from the one or more packets; store the sensitive data in a storage; rebuild, via the computer, the one or more network data packets into one or more rebuilt network data packets, replacing the sensitive data with a token that may be used to identify the sensitive data stored in the storage; and provide, via the computer, the one or more rebuilt network data packets to the intended target electronic device.
19. The computer-implemented method of claim 18 , wherein the sensitive data is identified using regular expressions that form a corresponding search pattern.
20. The computer-implemented method of claim 18 , wherein the sensitive data comprises content to censor.
Unknown
September 1, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.